Prisma Compute : Registry scan fails with error - proxyconnect tcp: dial tcp <proxyIP:port>: i/o timeout

Prisma Compute : Registry scan fails with error - proxyconnect tcp: dial tcp <proxyIP:port>: i/o timeout

1184
Created On 03/24/23 11:30 AM - Last Modified 03/18/24 14:54 PM


Symptom


Registry scan fails with the below error on the defender logs. 
 Discovering repositories in registry registry.whatever.sg 0/0 failed to create docker client Get
 "https://registry.whatever.sg/api/version": proxyconnect tcp: dial tcp 10.10.5.60:80: i/o timeout

Environment


  • Prisma Cloud Compute Edition
  • Registry Scan

Cause


Issue 1 :
If Defender had to reach the URL through web-proxy and proxy does not allow it.

Issue 2:
If Defender is behind web-proxy but should not go through the proxy to reach this URL.

Resolution


For Issue 1 :
1. Allow the defender to connect to registry URL (registry.whatever.sg) through the Proxy.

For Issue 2 :
1. Configure the Registry URL or a wildcard match on the No Proxy Column and save it.

GUI Path: Compute > Manage > System > Select Proxy
Screenshot 2023-03-24 at 7.26.39 PM.png

2. Then redeploy the defenders by downloading the new Daemon Set YAML or HELM Chart
 

Additional Information


This applies to other similar proxy error that defender might get.
For eg. The same error could come up for Defender to Console communication.
In that case add the Console's URL/IP to the No Proxy list.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000sb8yCAA&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail